Re: Authentication is now really strange

Tue, 29 Nov 2011 12:35:52 -0800 

Hi Kevin,
I changed the API for Authenticator a little, so that it would be
consistent with the new Registrar:

canAuthenticate(AuthenticationRequest)

is now

canAuthenticate(Class<? extends AuthenticationRequest).

In other words, it's the means by which the AuthenticationManagerStandard
askes each Authenticator whether it can authenticate a particular *type of*
AuthenticationRequest, rather than an actual AuthenticationRequest.

My guess is that you have a canAuthenticate(AuthenticationRequest) method
which doesn't have an @Override on it, and so the compiler didn't flag that
this is no longer an overriding method?

If so, you should change it, eg:

boolean canAuthenticate(AuthenticationRequest request) {
  return request instanceof AuthenticationRequestPassword;
}

is now

boolean canAuthentication(Class<? extends AuthenticationRequest>
requestType) {
  return AuthenticationRequestPassword.class.isAssignableFrom(requestType);
}


~~~
Let me know how you get on...

Dan




On 29 November 2011 20:16, Kevin Meyer - KMZ <[email protected]> wrote:

> Hi Dan,
>
> Since your latest changes to the authentication engine, I don't know
> how to handle authentication in my REST authenticator.
>
> If my authenticator returns false for:
>        isValid(AuthenticationRequest request)
> i.e. if the credentials are not valid, I get an error message:
>
> HTTP ERROR 500
>
> Problem accessing /logon.app. Reason:
>
>    No authenticator available for processing
> org.apache.isis.core.runtime.authentication.AuthenticationRequestPassword
>
> Caused by:
>
> org.apache.isis.core.runtime.authentication.standard.NoAuthenticatorException:
> No authenticator available for processing
> org.apache.isis.core.runtime.authentication.AuthenticationRequestPassword
>        at
> org.apache.isis.core.runtime.authentication.standard.AuthenticationManagerStandard.authenticate(AuthenticationManagerStandard.java:126)
>        at
> org.apache.isis.viewer.html.servlet.LogonServlet.authenticate(LogonServlet.java:126)
>
>
> If I return true, then you can login with any credentials whatsoever.
>
> Something is not quite right with this... what should I be doing?
>
> Regards,
> Kevin
>
>

Reply via email to